Vulnerability Details : CVE-2013-0648
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2013-0648
Probability of exploitation activity in the next 30 days: 5.67%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 92 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-0648
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
References for CVE-2013-0648
-
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.html
[security-announce] openSUSE-SU-2013:0360-1: critical: flash-player to 1Mailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.html
[security-announce] openSUSE-SU-2013:0359-1: critical: flash-player to 1Mailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.html
[security-announce] SUSE-SU-2013:0373-1: critical: Security update for fMailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2013-0574.html
RHSA-2013:0574 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.adobe.com/support/security/bulletins/apsb13-08.html
Adobe – Security Bulletins: APSB13-08 – Security updates available for Adobe Flash PlayerPatch;Vendor Advisory
Products affected by CVE-2013-0648
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*